Squarespace is one of the most popular website builders because it’s incredibly user-friendly, intuitive, and sleek. In addition, the platform offers tons of tools and plugins that you can use to create any kind of website you want, including an ecommerce store.
However, some things are required when using this builder, and one of them is to make a privacy policy for your Squarespace site.
Read on to learn more about why Squarespace requires a privacy policy and how to create one that’s fully compliant with the platform’s data privacy requirements and data privacy laws.
- Is a Privacy Policy Required for Squarespace Websites?
- How To Generate a Squarespace Privacy Policy
- What To Include in Your Squarespace Site’s Privacy Policy
- How To Add a Privacy Policy Page to Your Squarespace Site
- How To Link to Your Squarespace Site’s Privacy Policy
- Example of a Squarespace Privacy Policy
- Summary
Is a Privacy Policy Required for Squarespace Websites?
Yes, you need to have a privacy policy for Squarespace websites. It is required by law as well as by Squarespace itself.
Section 7 of Squarespace’s terms of service states that you must create and let your users access a legally compliant privacy policy, including a cookie policy. You must also comply with relevant privacy legislation where applicable, such as the EU’s General Data Protection Regulation (GDPR) and the EU ePrivacy Directive/Regulation.
There are also other reasons for creating a privacy policy for Squarespace websites, such as:
- To build trust with users: Users are more likely to trust your website if you have a solid privacy policy that they can access on-demand. A privacy policy shows your dedication to protecting users’ privacy rights and that you prioritize their user experience and safety.
- To limit your legal liability: You can get in serious trouble with the law if you don’t have a privacy policy.
- To do the right thing: Finally, you should use a privacy policy to inform users about their privacy rights because it’s the right thing to do. Everyone has the right to decide how their personal information can be used or accessed.
How To Generate a Squarespace Privacy Policy
There are three main ways to create a privacy policy for Squarespace websites:
Managed Solution (Recommended)
The easiest way to create a privacy policy for Squarespace websites is to use a managed solution. A managed solution is a site or app that walks you through creating a privacy policy by asking you all the questions it needs to put together your policy.
Create a Privacy Policy for Squarespace With Termly
Here’s how you can use Termly’s generator to create a comprehensive privacy policy for your Squarespace site:
Step 1: Go to Termly’s privacy policy generator.
Step 2: Answer a few simple prompts and questions, and go through all of the steps until you reach “Final Details.”
Step 3: Once you’ve filled in everything and you are satisfied with the preview, click “Publish.” You will then be prompted to create an account on Termly so you can save and edit your privacy policy further.
These are some of the questions you need to be ready to answer in our generator:
- What’s the business name of your company? Are you doing business under a short or trade name?
- Do you have users in the EU, UK, Iceland, Switzerland, Norway, or Liechtenstein?
- If yes, the managed solution will add a section to ensure GDPR compliance.
- Do you collect the information of Californian residents?
- If yes, the managed solution will add in a section to ensure your policy complies with the California Consumer Privacy Act (CCPA).
- What kind of personal information do you collect from users?
- How will you use the information you collect?
- Do you have a data protection officer (DPO) to oversee your compliance with US, EU, and UK privacy laws? If not, will you be appointing one in the future?
After you’ve answered everything, press the final “save and next” or “done” button. We will then send over your privacy policy to put on your Squarespace website.
Using a Template
Another way to create a privacy policy for your Squarespace site is to use a privacy policy template. Templates already come with all of the legal language and clauses you need, so all you have to do is edit, add, and remove language as required.
Templates offer more flexibility than a managed solution since you can directly add and modify existing language in Microsoft Word or Google Docs. You can also combine multiple templates and move sections around if you need be.
Do It Yourself (Not Recommended)
Finally, you can make your privacy policy from scratch. This option will take more time than a managed solution or template. You should also be cautious if you don’t have any experience with or knowledge of data privacy laws. If you choose to use this option, we have written out some tips for you below.
What To Include in Your Squarespace Site’s Privacy Policy
What you include in your Squarespace site’s privacy policy usually depends on the location of your users.
For example, if you have users in the EU, you need to make your policy comply with the GDPR. In the same vein, if you have users in California, you may need to add language that makes your policy compliant with the CCPA.
However, you should also keep in mind that the internet is a global marketplace. Therefore, you will need to consider privacy regulations from all over the world, such as:
General Data Protection Regulation (GDPR)
The GDPR is one of the farthest-reaching privacy regulations. It applies to any website or business that has the personal data of EU residents. To comply with the GDPR, your privacy policy will have to include the following:
- Your company’s contact details: Give users a way to contact your business or company representative.
- Users’ privacy rights: These include the existence of each data subject’s rights, the right to file complaints with supervisory authorities, and the right to withdraw consent at any time.
- Your DPO’s contact details: If you have to pick a DPO, you must include their contact details in your privacy policy — this makes it easier for your users to contact them if they have any questions about their rights under the GDPR.
- An EU representative’s contact details: You may need to appoint an EU-based representative and provide their contact details in your Squarespace privacy policy if you’re a data controller and your company isn’t in the EU.
- An explanation for why you’re collecting users’ data: You need to do this for every piece of data you collect from your users. You also need to outline the legal justifications for every action you do when collecting and using their personal information.
-
An explanation that you will provide detailed information for personal information transfers: Mention that you will provide users with detailed information about cross-border personal data transfers, including:
- The destination country of the transfer
- The risks of the transfer
- The safeguards you have in place
- Whether the recipient is covered under the EU Commission
- Whether your site has an automated decision-making system: Include information about how this system was set up and the consequences of using such a system.
California Consumer Privacy Act (CCPA)
An office or physical presence is not required in California (or the United States) for a business to fall under the CCPA scope. You must comply with the CCPA if your company collects data from California residents and meets at least one of the following thresholds:
- You have annual gross revenues of at least $25 million.
- You derive 50% or more of your annual revenues from selling Californian consumers’ personal information.
- You annually buy, receive for commercial purposes, sell, or share for commercial purposes, the personal information of over 50,000 consumers, households, or devices in California.
Writing a CCPA-compliant privacy policy for a Squarespace website is a lot like drafting a GDPR-compliant privacy notice. The main difference is that you don’t have to appoint an EU representative. Just modify the language to fit the CCPA requirements. Otherwise, you should cover the same points.
Children’s Online Privacy Protection Act (COPPA)
If you collect information from children under the age of 13, you need to make your privacy policy compliant with the US Children Online Privacy Protection Act (COPPA). Like the other laws on this list, COPPA applies regardless of your location.
To comply with COPPA, your privacy policy should have an easy-to-access section titled “Children.” This section will explain how you handle a child’s personal data and parents’ rights over their child’s data.
California Online Privacy Protection Act (CalOPPA)
Finally, you need to make your Squarespace site’s privacy policy comply with the California Online Privacy Protection Act (CalOPPA) if you collect personal data from California residents.
CalOPPA doesn’t require radically different measures than the other legislations we’ve covered above. However, there are certain things you want to check to ensure full compliance:
Make sure you place the privacy policy link in a conspicuous area.
CalOPPA has strict requirements for “conspicuousness.” Most websites link their privacy policies in the footers of their sites and apps, but that may not be enough for CalOPPA.
According to section 22577 of CalOPPA, the link must have the word “privacy” in it. It should also use a font, size, or color that’s easily distinguished from the rest of the text so that a “reasonable person would notice it.”
As such, you should try to make your privacy policy link stick out by making it a different color or using bold font.
Update users when you make changes to the privacy policy.
CalOPPA also requires you to inform users when you change your privacy policy. To ensure that everyone is on the same page and knows their rights at any given time, you should announce any changes to your privacy policy before or when the changes occur.
You should also include:
- A section that lets users know how you plan to inform them of future changes to the privacy policy
- The last effective date of your privacy policy (this should be at the very top of your privacy policy webpage)
How To Add a Privacy Policy Page to Your Squarespace Site
After you’ve finished creating your privacy policy for Squarespace, it’s time to add it to a page on your Squarespace website.
Just follow this step-by-step guide to add a privacy policy to your Squarespace website:
Step 1: Go to the Home Menu and click Pages.
Step 2: Once the Pages panel opens, click the + icon. Then, click Blank Page
Step 3: Type “Privacy Policy” in the page’s title field.
Step 4: While you are still on your newly created Privacy Policy page, click Edit to open the editor.
Step 5: Click the blue “Add Section” button, then click Text.
This option allows you to choose a text-based page format that you can use to display your privacy policy on Squarespace. Choose whichever style you feel is right for your site.
Step 6: After selecting a text-based page format, paste in your privacy policy and edit the font size, color, and other details as needed.
Step 7: Click Done once you’ve completed the previous step.
How To Link to Your Squarespace Site’s Privacy Policy
Now that you’ve created your privacy policy for Squarespace, it’s time to add a link to it in your website’s footer.
Here’s how to link to your newly created Squarespace privacy policy:
Step 1: Repeat “Step 4” from above and while you editing your privacy policy page, scroll down, hover your mouse over the footer area and click Edit Footer to open the Footer Editor.
Step 2: Hover over where you want to put a link to your privacy policy. You should see blue + signs showing where you can add text. Click on where you want to show your footer link.
Step 3: Pick Text from the menu to add the “Privacy Policy” text to the footer link.
Step 4: Click Done once you’ve completed the above step.
Example of a Squarespace Privacy Policy
Here is a great example of how you can add and link a privacy policy for Squarespace.
BEMBIEN
Bembien, an ecommerce store hosted on Squarespace, includes a clickable link to its privacy policy in its footer.
Bembien’s privacy policy is concise yet detailed and contains all of the information that most privacy laws require, such as:
- What the company does with users’ information
- How the company obtains user consent to use their information
- How users can withdraw consent
- What third-party services Bembien uses
- Bembien’s security practices (to ensure that their users’ data isn’t misused, disclosed, destroyed, altered, or lost)
- How the company will inform users of material changes to their privacy policy
- The contact information of their Privacy Compliance Officer
Summary
If you have a Squarespace site, make sure to have a valid privacy policy — it is required by law and by Squarespace’s Terms of Service. A comprehensive privacy policy also shows that you’re an ethical company that cares about your users’ rights and customer experience.
More about the author
Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP
Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes... More about the author
